VYPR

Telepresence Video Communication Server

by Cisco Systems, Inc.

CVEs (73)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2016-1468HigAug 8, 2016
    risk 0.57cvss 8.8epss 0.03

    The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.

  • CVE-2017-3790HigFeb 1, 2017
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition.…

  • CVE-2018-0409HigAug 15, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage…

  • CVE-2018-0358HigJun 21, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while…

  • CVE-2016-1400HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

  • CVE-2018-15430HigOct 5, 2018
    risk 0.47cvss 7.2epss 0.03

    A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability…

  • CVE-2017-6790MedAug 17, 2017
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP…

  • CVE-2016-9207MedDec 14, 2016
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability…

  • CVE-2016-1444MedJul 7, 2016
    risk 0.42cvss 6.5epss 0.01

    The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID…

  • CVE-2016-1338MedMar 12, 2016
    risk 0.42cvss 6.5epss 0.02

    Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.

  • CVE-2016-1316MedFeb 9, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.

  • CVE-2017-12287MedOct 19, 2017
    risk 0.28cvss 4.3epss 0.02

    A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart…

  • CVE-2023-20209Aug 16, 2023
    risk 0.03cvss epss 0.38

    A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could…

  • CVE-2019-1845Jun 5, 2019
    risk 0.01cvss epss 0.05

    A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a…

  • CVE-2022-20814Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server…

  • CVE-2022-20853Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF…

  • CVE-2024-20492Oct 2, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have…

  • CVE-2024-20497Sep 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could…

  • CVE-2024-20400Jul 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

Page 1 of 4